(12) United States Patent (10) Patent No.: US 6,226,751 B1
Arrow et al. (45) Date of Patent: May 1, 2001
The present invention provides a method and an apparatus for establishing a virtual private network that operates over a public data network. One embodiment of the present invention includes a system that selects a plurality of entities coupled to the public data network to include in the virtual private network. The system next assembles a plurality of identifiers for the plurality of entities. These identifiers are used to identify communications between the plurality of entities, so that these communications can be transferred securely over the public data network. A variation on this embodiment includes defining encryption, authentication and compression parameters for the virtual private network. In another variation, selecting the plurality of entities includes assembling entities coupled to the public data network into groups, and selecting groups of entities to include in the virtual private network. Another variation includes defining access control rules specifying types of communications that are allowed to pass through virtual private network units. These virtual private network units are typically used to couple local area networks to the public network so that secure communications on the public network pass through the virtual private network units. Yet another variation on this embodiment includes defining address translation rules for virtual private network units coupled to the public data network. These address translation rules are used to translate local network addresses to public network addresses.
27 Claims, 8 Drawing Sheets
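As an added illustration (not part of the patent text or any implementation of it), the following Python model walks through the steps the abstract names: entities are assembled into groups, selected groups form the VPN, their identifiers mark which communications are secured, and each VPN unit applies access control and local-to-public address translation. All entity names, addresses, ports and parameter values are constructed for the example.

```python
"""Toy model of the VPN definition steps in the abstract.
Entity names, addresses and parameters below are constructed, not from the patent."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class VpnUnit:
    name: str
    local_net: str                     # LAN behind this unit (local addresses)
    public_addr: str                   # unit's address on the public network
    allowed: set = field(default_factory=set)  # (protocol, port) pairs allowed through


@dataclass
class Vpn:
    members: set                       # identifiers of entities in the VPN
    params: dict                       # encryption / authentication / compression
    units: list


def build_vpn(groups, selected, params, units):
    """Select groups of entities and assemble their identifiers."""
    members = {eid for g in selected for eid in groups[g]}
    return Vpn(members=members, params=params, units=units)


def unit_for(vpn, addr):
    """Find the VPN unit whose local network contains addr, if any."""
    a = ip_address(addr)
    for u in vpn.units:
        if a in ip_network(u.local_net):
            return u
    return None


def handle(vpn, src_id, dst_id, src_addr, proto, port):
    """Decide the fate of one communication leaving a LAN.
    Returns (action, source address as seen on the public network)."""
    unit = unit_for(vpn, src_addr)
    if unit is None:
        return ("drop", None)          # source is not behind any VPN unit
    if (proto, port) not in unit.allowed:
        return ("blocked", None)       # access control rule at the unit
    public_src = unit.public_addr      # address translation: local -> public
    if src_id in vpn.members and dst_id in vpn.members:
        return ("tunnel", public_src)  # both identifiers in VPN: secured per params
    return ("clear", public_src)       # ordinary traffic: translated, not secured
```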